Q: How can we verify that a Software Restriction Policy (SRP) rule we defined for one of our applications is effectively applied?

A:
The most obvious way to troubleshoot SRP behavior is to check the application event logs on your systems. When an SRP rule is applied, Windows
automatically generates events in the application event log. These events have an event ID between 865 and 868 and show the details of the process that
triggered the SRP rule. The different event IDs and their meanings are summarized in Table 1.


If you want more detail than the event log shows, you can enable verbose trace logging of SRP. This process generates a special SRP log file that
records the rule that's used by SRP when it checks whether a specific program should be allowed to run.

To enable verbose trace logging of SRP, you must add a registry value named LogFileName of type REG_SZ to the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers. As the LogFileName value, enter the path to the SRP log file -- for
example, c:\logs\srplog.txt.
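
The two checks described above, combined into one PowerShell script. This is an added example, not code from the original article: the function names are hypothetical, the default log path is the article's example path, and the script assumes an elevated session.

```powershell
# Added example: function names are illustrative, not part of Windows or the article.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Enable-SrpTrace {
    param([string]$LogPath = 'C:\logs\srplog.txt')
    # Create the log folder and the policy key up front so the path is valid.
    $dir = Split-Path -Parent $LogPath
    if (-not (Test-Path $dir))    { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    if (-not (Test-Path $SrpKey)) { New-Item -Path $SrpKey -Force | Out-Null }
    # LogFileName (REG_SZ) turns on verbose SRP trace logging.
    New-ItemProperty -Path $SrpKey -Name LogFileName -Value $LogPath `
        -PropertyType String -Force | Out-Null
}

function Disable-SrpTrace {
    # Removing the value stops trace logging; the existing log file is left in place.
    Remove-ItemProperty -Path $SrpKey -Name LogFileName -ErrorAction SilentlyContinue
}

function Get-SrpEvent {
    param([int]$Hours = 24)
    # Event IDs 865-868 in the Application log are the SRP rule events.
    $filter = @{
        LogName   = 'Application'
        Id        = 865..868
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent reports an error when nothing matches, so suppress it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, Message
}

Enable-SrpTrace
# Start the application covered by the rule now, then review both sources.
Get-SrpEvent -Hours 1 | Format-List
$log = (Get-ItemProperty -Path $SrpKey -Name LogFileName).LogFileName
Get-Content -Path $log -Tail 20 -ErrorAction SilentlyContinue
# Turn tracing off when finished; the log gains entries as programs are checked.
Disable-SrpTrace
```

An empty result from `Get-SrpEvent` together with trace-log entries for the program means SRP evaluated it without a rule event being logged for it in that window.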

You can also use the command line to enable and disable verbose SRP trace logging. To enable logging, enter